From: Adonay Felipe Nogueira
Subject: Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support
Date: Sun, 9 Dec 2018 21:00:41 -0200
List-Id: "Development of GNU Guix and the GNU System distribution."
To: guix-devel@gnu.org

On 24/09/2018 11:14, Ludovic Courtès wrote:
> Christopher Lemmer Webber wrote:
>>  - There's also Google's recent work with Magenta/Fuchsia.  From what
>>    I've read, architecturally this looks right.  I think the reason
>>    for worry here is the same difficulty the community has had to
>>    build actual community and libre distributions on top of the
>>    Android ecosystem could apply here.
>
> Indeed.
>
> We could also mention MINIX, which many of us are already using daily.
> :-)
>
> Putting aside Fuchsia, I think the Hurd and MINIX are by far the
> solutions that require the least work to be in a state where people with
> “regular needs” like the rest of us to switch (MINIX is probably in that
> state already.)
>
> The Hurd already has a very advanced POSIX C library, which is not
> negligible, especially compared to the other OSes.  Much progress has
> been made in recent years wrt. drivers (using the Rump kernel in
> particular.)  There are of course serious shortcomings, in particular
> lack of 64-bit and SMP support.  But fixing these is relatively “little
> work” in the grand scheme of things.
>
> To put this in perspective, consider Linux namespaces: they have already
> seen years of evolution, and the story of user namespaces shows that
> it’s far from complete.

I don't know if what I'll say will be off-topic here given that this
list is about Guix development, not on general free/libre software
activism, but please forgive me anyways.

So, my worry is that if we somehow were to support Fuchsia and if it
were to be not strong auto-upgradable copyleft with community-oriented
enforcement, then we could actually lose the freedoms of the software
for the end user.

This thought was initially presented by Eben Moglen during one of his
talks[1], but I just tried to bring the issue to Guix.

[1] https://media.libreplanet.org/u/libreplanet/m/the-free-software-movement-in-the-age-of-trump/